Credit cards have been used for decades. A credit card typically has a 16-digit number (credit card number), a 4-digit number (expiration date), and a cardholder's name and business affiliation (if any) embossed on the front side of the card. The logo of the credit association or acquiring bank, or both, is also printed on the front side. On its back side is a magnetic stripe wherein all the pertinent personal information of the cardholder, such as primary account number, name, expiration date and encrypted Personal Identification Number (PIN) are encoded. The information contained in the magnetic stripe is not visible or readable directly from the card except with the use of special decoding equipment, such as a magnetic stripe reader. Also appearing on the backside is a space for accommodating the cardholder's personal signature and more printed information about the credit card issuer and/or Automatic Teller Machine (ATM) locations.
Prior to the ever-increasing use of online credit card purchases of goods and services on the Internet over the past several years, there were only two common forms of credit card transactions used by the general public. In the parlance of the credit card industry, the first form of transaction is dubbed “face-to-face.” A face-to-face transaction is one in which the merchant establishes visual contact with the cardholder and the credit card and is therefore able to check the signature, verify the expiration date, etc. during the transaction. The second form of transaction is dubbed “MOTO,” which stands for “Mail Order Telephone Order.” A MOTO transaction is one in which the consumer uses mail, phone or facsimile to order goods or services and the merchant does not have direct visual contact with the credit card or the cardholder.
Unauthorized or fraudulent use of credit cards to purchase goods and services has been with the industry ever since its inception. Although consumers generally face little financial risk because federal law caps consumer liability for unauthorized charges on credit cards at $50, the loss to merchants and card issuers is far more significant and amounts to hundreds of millions of dollars per year. For face-to-face transactions, if the unauthorized use of a credit card occurs despite the merchant following all the rules established by the credit card associations, it is the issuer or acquiring bank that will be responsible for such a loss. For MOTO transactions, on the other hand, it is the merchant that will bear the brunt of the responsibility for fraudulent credit card charges. With the advent of the Internet and the incredible rate of increase in online credit card transactions for goods and services, the issue of credit card fraud has once again captured the attention of the industry. Since an online credit card transaction is treated as a MOTO transaction, it is merchants that bear the brunt of the responsibility if any fraud should occur.
Over the past two decades, many different ideas, methodologies and hardware have been advanced in the field of credit card transactions with the hope of providing a more secure credit card to the user. These efforts have, in large part, been especially concerned with protecting against stolen credit cards or their unauthorized use by a perpetrator who falsely assumes someone else's identity. While the prior art is replete with various and diverse secured or even smart credit card systems, credit card fraud is still a serious and widespread problem. This is because many past attempts to provide a smart, secure credit card system have proven to be too complex and user-unfriendly, and this is believed to be why such cards, with the exception of American Express' Smart or Blue Card (see below), have not gained user acceptance.
One conspicuous example among many can be found in U.S. Pat. No. 4,614,861 issued in 1986 to Parlov et al. In this patent, the inventors advanced the idea of a unitary, self-contained credit card which has the ability to verify a personal identification number (PIN) that is entered directly into the card by way of a keyboard without the use of an outside terminal. Furthermore, a transaction identification code (TIC), which varies for each transactional use of the credit card, is automatically generated for later transaction validity verification after a valid PIN is entered and accepted by the card. While the methodology advanced at the time was indeed novel in its capability of eliminating unauthorized or fraudulent use other than by the card owner, it suffered nonetheless from a number of major drawbacks. First and foremost is the complexity of the system itself. Merely following the instructions for readying the card for even a simple routine transaction is a major burden on card owners. In other words, the credit card system is extremely user-unfriendly. Second, the system requires the additional use of a peripheral device and also a card validation device in order to safeguard and facilitate the transaction algorithm that achieves the system's level of security. Such a requirement of additional equipment further complicates the utility and elevates the already expensive component cost of the system. Third, the system is incompatible with the existing credit card transaction infrastructure, and merchants who opt to use such a system must invest in new and expensive equipment in order to reap the system's benefits. Consequently, such a credit card system has not achieved a widespread level of acceptance and usage by the general public.
In U.S. Pat. No. 4,650,978 issued to Hudson et al. in 1987, a similarly complicated “bank” cash card system is advanced for handling fund transfer transactions between a payor and a payee, having a magnetic “hysteresis” security arrangement. A cash card has a magnetic stripe on which the available cash balance, the identification and the security information are recorded in scrambled form. A transaction register machine reads data from the card, carries out the transaction and records the new account balance on the card. The modified information is “restored” on the card in the form of a re-scrambled code. The transaction register machine also includes a magnetic tape of the cassette type, or a disk, for storing each transaction thereon for further processing of the information at a remote data processing center. The transaction register machine further includes a main keyboard on the side of the payee for displaying the cash balance, for entering the total amount of the sale and for recording the new cash balance on the card. The main keyboard is responsive to the cardholder's keyboard, which has a slot for insertion of the card for verification by entering the correct identification number known only to the cardholder. Again, the complexity of such a system, together with its inherent incompatibility with the existing credit card transaction infrastructure, has proved to be too much of a barrier for the system to be widely accepted and implemented by the financial community.
In U.S. Pat. No. 4,868,376 issued to Lessin et al. in 1989, a general purpose, re-programmable intelligent card is advanced. The card includes an alphanumeric keyboard, an alphanumeric display and one or more input/output ports controlled by a microprocessor and programs stored in a memory associated with the microprocessor. The microprocessor is provided with an operating system and may be programmed or re-programmed for a specific application or for a variety of applications. While the card can serve multiple functions, it still suffers from several drawbacks that prevent it from being widely accepted by the general public, including its complexity in use, its innate incompatibility with existing credit card transaction infrastructure and the resultant high cost of operating such a system.
In U.S. Pat. No. 5,818,030 issued to Reyes in 1998, a secure, smart credit card having the same basic dimensions as a standard credit card is advanced. This invention provides a security system that uses the concept of a key, which, when removed, prevents unauthorized use of the card. The so-called dual device system has two parts. A first part is a microprogrammable central processing unit (CPU) in the main body. The second part is an engageable intelligent micro memory module that functions as a key unit and is configured to join the main body to form an engaged unit having the general dimensions and appearance of a “smart credit-type card.” The CPU of the main body and its instructions are designed to operate in conjunction with the external intelligent micro memory module or key unit. The key unit stores the programs and data required by the CPU in the main body to allow the user to operate the credit card system. Although such a credit card system has the ability to help prevent unauthorized or fraudulent use, it is unlikely that this system will be widely accepted in the financial community because of its operational complexity from the user's standpoint, and its questionable compatibility with the prevalent credit card transaction infrastructure.
In U.S. Pat. No. 6,012,636 issued to Smith in 2000, a multiple application card data system comprises a data management device and a user card (a dual component system). This credit card system is, by design, rather complicated. A user can carry a single card that may be modified at will to, in effect, be a clone for any one of the user's provider data cards, through use of a companion data management device that can store data from a plurality of provider data cards. However, the system requires the user's interaction in order to transfer data from the data management device to the user card. In addition, the data management device also stores a digital representation of the user's fingerprint for verifying the user's identity when compared with an actual scan of the user's fingerprint image by the same device during the process of verification. Thus, verifying the user's identity is by no means a simple procedure. Furthermore, the user card itself comprises two memories for storing data. The first memory stores data issued by a service provider and the second memory stores a set of data unique to the user. Before the user's scanned fingerprint image can be used for identification purposes, the data management device must first verify the data contents of the two memories resident on the user card. Without even raising the issue of the questionable public acceptance today with regard to using fingerprint imaging as a form of personal identification, the procedures the card user must endure in order to safeguard the card's security against unauthorized usage are far too complicated. It is believed that a much simpler card system can work just as well against unauthorized fraudulent use of credit cards without such burdensome overhead.
In U.S. Pat. No. 5,317,636 issued to Vizcaino in 1994, a method and apparatus for securing credit card transactions is advanced. This invention relates to apparatus for authorizing credit card transactions and includes a system which is made up of an authorization computer and a credit card that work in conjunction to enhance the security of credit card transactions. More specifically, the system includes a smart credit card that includes a microprocessor, associated memories and a liquid crystal display. The credit card is used to produce a unique verification number by processing a transaction sequence number with an encryption algorithm. The verification number is then shown on the display device, and can be transmitted to the authorization computer along with a customer identifying account number. The computer, which is used for authorizing the credit card transactions of the credit card issuer's customers, uses the account number to access an account file for the credit card customer. That account file has general account data for the given customer, as well as a transaction sequence number, which corresponds to the transaction sequence number stored in the credit card. Additionally, the account file includes a de-encryption algorithm, which is complementary to the encryption algorithm of the credit card, such that the computer can use the de-encryption algorithm together with the verification number to produce a computed transaction sequence number.
The computed transaction sequence number is compared to the transaction sequence number stored in the computer to determine whether the two numbers correspond to one another. If they do, then the computer will authorize the transaction; if they do not, then the transaction will be rejected.
Both transaction sequence numbers, the one in the card and the one in the computer, are changed, preferably by incrementing, after the authorized transaction, so that a different verification number is generated and used in the authorization of each credit card transaction. Thus, the verification number used in one given transaction will not be useful in a subsequent transaction. Therefore, even if someone were to see the verification number used in one transaction, they would not be able to use it in a subsequent transaction.
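The card/host exchange described above (the card encrypts its transaction sequence number into a verification number, the host decrypts it, compares it with its own stored sequence number, and both sides increment after an authorized transaction), as an added Python example that is not the patent's own code; the HMAC-SHA256-based Feistel cipher, the shared key and the account label are assumptions standing in for the unspecified encryption and de-encryption algorithms.

```python
import hashlib
import hmac
# Constructed demo values. The patent says only that card encryption and host de-encryption
# are complementary; the HMAC-based Feistel cipher below is an assumed stand-in, not its algorithm.
SHARED_KEY = b"constructed-demo-card-key-0001"
ACCOUNT = "ACCT-DEMO-0001"
ROUNDS = 4

def _round_function(key: bytes, rnd: int, half: int) -> int:
    """HMAC-SHA256 truncated to 32 bits, keyed per round, as the Feistel round function."""
    data = bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hmac.new(key, data, hashlib.sha256).digest()[:4], "big")

def encrypt_sequence(key: bytes, seq: int) -> str:
    """Card side: encrypt the 64-bit sequence number into a 16-character verification number."""
    left, right = seq >> 32, seq & 0xFFFFFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_function(key, rnd, right)
    return f"{(left << 32) | right:016x}"

def decrypt_verification(key: bytes, verification: str) -> int:
    """Host side: run the Feistel rounds backwards to recover the computed sequence number."""
    block = int(verification, 16)
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_function(key, rnd, left), left
    return (left << 32) | right

class SmartCard:
    """Card holding its key and its own copy of the transaction sequence number."""
    def __init__(self, account: str, key: bytes, seq: int = 1):
        self.account, self._key, self._seq = account, key, seq

    def verification_number(self) -> str:
        number = encrypt_sequence(self._key, self._seq)
        self._seq += 1  # the card advances its counter once a number is produced
        return number

class AuthorizationComputer:
    """Issuer host holding one account file per customer: key plus sequence number."""
    def __init__(self):
        self._accounts = {}

    def enroll(self, account: str, key: bytes, seq: int = 1) -> None:
        self._accounts[account] = {"key": key, "seq": seq}

    def authorize(self, account: str, verification: str) -> bool:
        record = self._accounts.get(account)
        if record is None:
            return False
        try:
            computed = decrypt_verification(record["key"], verification)
        except ValueError:  # malformed verification number
            return False
        if computed != record["seq"]:
            return False  # stale, replayed, or forged verification number
        record["seq"] += 1  # advance only after an authorized transaction
        return True

def run_transactions() -> tuple:
    """Two genuine purchases plus a replay of the first verification number."""
    card = SmartCard(ACCOUNT, SHARED_KEY)
    host = AuthorizationComputer()
    host.enroll(ACCOUNT, SHARED_KEY)
    first = card.verification_number()
    accepted_first = host.authorize(ACCOUNT, first)  # True
    replayed = host.authorize(ACCOUNT, first)  # False: host counter already advanced
    accepted_second = host.authorize(ACCOUNT, card.verification_number())  # True
    return accepted_first, replayed, accepted_second
```

Because the card advances its counter when it produces a number but the host advances only after an authorized transaction, a declined or abandoned attempt leaves the two out of step and every later genuine number is rejected; deployed counter-based schemes therefore accept a small look-ahead window of sequence numbers and resynchronize on a match.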
This invention truly advances a viable methodology for preventing unauthorized usage in credit card transactions. However, such a methodology still has drawbacks. One drawback is that the crucial information pertaining to the cardholder and the encryption algorithm resident in the memory of the card's microprocessor are not immune from discovery by modern day electronic piracy. Because the credit account number and the verification number generated for each transaction are both visibly made available to the merchant so they can be sent to a remote processing center for subsequent authorization, once the contents of a card are illegally obtained, there is no way to safeguard against subsequent large scale fraud. Another drawback is that transmittal of the encrypted verification number, which is an alphanumeric string comprising 14 or more characters rather than a 4-decimal-digit PIN, along with the user identifying credit card number, might not be compatible with the existing credit card transaction infrastructure. In the real world, this represents a major roadblock to whether or not such a system will be accepted by the financial community.
In U.S. Pat. No. 5,627,355 issued to Rahman et al. in 1997, security equipment protecting the relaying of account numbers and personal identification numbers (PIN) by telephonic or other communication link is advanced. The equipment includes a host computer and a remote portable transaction device that interact with one another. A credit granting institution generates an account number and a series of unique personal identification numbers for each account number. This information is stored in the host computer's memory and is assigned as a reference series to an individual customer account number. An identical series of numbers in the same sequence is stored in the memory of the remote device. In operation, the customer account on the host computer is activated and the host computer's memory is indexed sequentially to the first number in the reference series. During use of the remote device, a unique personal identification number is added to the customer account number and transmitted to the host computer. There it is compared to the account number and personal identification number in the reference series. The computer will authorize the transaction if the number in the stored series is identical to the number in the reference series; otherwise the transaction will be denied or questioned.
The method advanced in U.S. Pat. No. 5,627,355 for preventing theft of credit information, in particular the personal identification numbers (PIN), has a number of operational disadvantages. In this patent's teaching, the credit card number is always visible for use by anybody getting hold of the card. This number, along with a special PIN visibly generated on command on the card which varies sequentially in synchronism with the issuer from transaction to transaction, must be passed on to the credit granting institution for authorizing the transaction. Even though the PIN is unique for each transaction, there is nothing to stop anyone in possession of a stolen card from sequentially generating the right combination of the PIN and account number, even though it might take some time to successfully carry out an unauthorized transaction.
Furthermore, it is operationally questionable whether or not the method taught in U.S. Pat. No. 5,627,355 (Rahman et al.) is actually scalable. Because the host computer has to store so many PINs (literally hundreds for each customer alone who has multiple credit cards from different providers), access time and memory capacity of the host computer may become critical parameters in terms of whether the processing system will function smoothly as the number of cardholders grows larger. The same worry also applies to occasional but unavoidable system glitches when such a huge quantity of numbers has to be reconciled.
In U.S. Pat. No. 5,955,961 issued to Wallerstein in 1999, a programmable transaction card is proposed. Such a programmable transaction card enables accessing a selected one of a plurality of different accounts with the same or different financial institutions through communication with an authorization center, while providing important anti-fraud features. The transaction card includes a keyboard for selecting a desired account and for entering optional identification information for the card. The transaction card generates an account number corresponding to the selected account. The account number, together with the identification information, if entered, is presented in a form that is readable by a reader device but is not discernible by the human eye, e.g. by emulation of a magnetic strip or an optical pattern. After a reader device (magnetic or optical reader) reads the account number and the identification information during a transaction, the account number and the identification information are transmitted to the authorization center for verification and access to the selected account.
At first glance, the programmable transaction card advanced in U.S. Pat. No. 5,955,961 (Wallerstein) packs in so many features that it is rendered rather cumbersome and complicated to use, expensive to implement and user-unfriendly. For example, when data presentation takes the form of a magnetic strip, a rather bulky inductor coil (electromagnet) must be deployed and form part of the card itself in order to generate the time-varying magnetic field needed for transmitting the encoded information to a conventional magnetic reader. Inclusion of such an inductor on the transaction card will certainly make it bulkier, and it is questionable whether it is actually compatible with most magnetic strip readers, which read data by swiping the magnetic strip past a static reader head. Also, incorporation of the ability to select from a plurality of different accounts necessitates the use of an awkward thumb-wheel switch on the card, which is less user-friendly. The same applies when tonal identifying controls are added to the card, which will certainly make the latter even more bulky. Furthermore, it is questionable whether credit card users would even know or appreciate how to use the tonal identification features of this transaction card.
Technically speaking, the use of a time-varying magnetic field to transfer information encoded on the transaction card to a conventional magnetic stripe reader is highly risky and certainly represents a big deviation from the normal magnetic data transfer interface. When all these extra but not necessarily useful features (at least for most ordinary credit card holders) are incorporated into this transaction card, such a card will be much more complicated and less friendly to use.
Starting out in Europe a few years back, a new kind of credit card was introduced, called the “SmartCard,” with the hope of using new technologies to combat fraudulent online credit card transactions. Such a card actually includes a microchip and a card reader to connect to a user's personal computer (PC). With the use of the card reader, all transaction information, including personal information pertaining to the cardholder, is heavily encrypted with the most advanced security standard before such information is sent out over the Internet. However, such encryption requires special equipment to be provided to the cardholder. And, despite heavy promotional and advertising expenditures, the SmartCard system has not yet been well received in the United States.
In summary, all of the above-noted advancements of credit card system ideas, methodologies and hardware are primarily directed to security aspects of credit cards, particularly against stolen cards or perpetrators illegally assuming somebody's identification after successfully intercepting the individual's personal and financial information on or off the Internet. However, nearly all of the systems proposed to date are either too complicated, tending toward overkill in some cases, or user-unfriendly, or too costly to implement or simply incompatible with existing credit card transaction infrastructure. Thus, there is a long-felt need for a simple, user-friendly, low-cost way to deter credit card fraud in an existing infrastructure-compatible credit card system.
In addition, there has been a failure to recognize, much less address, issues of privacy or anonymity associated with the use of credit cards in general. This has become an even greater concern as credit cards are being used to conduct transactions over the Internet. While consumers are protected from large financial losses that may occur through Internet credit card fraud, they are not protected from potential loss of consumer personal privacy while doing business on the Internet. To execute an online credit card purchase, a consumer has to supply a merchant with the consumer's name, address and a valid credit card number, in addition to the kind of merchandise or service that the consumer is buying. Although such a transaction may appear no different than executing a telephone order, it is far different because the consumer's personal information is up for grabs by anybody capable of intercepting such information as it is transmitted through the Internet. This is a very serious concern in view of the increasingly widespread and prevalent practices of data collection that are being used to profile buying habits of online consumers, especially as profiling extends to such information as buying habits, buying frequency, dollar value and merchandizing taste.
Accordingly, there is a long-felt need for better methods of preventing credit card fraud that are not only user-friendly, but that also protect the privacy of credit card users.